/**
 * Copyright (c) Huawei Technologies Co., Ltd. 2025-2025. All rights reserved.
 */

/**
 * @addtogroup FIDO2
 * @{
 *
 * @brief Provides APIs for fido2 capability.
 * @since 6.0.0(20)
 */

/**
 * @file fido2.h
 * @kit OnlineAuthenticationKit
 *
 * @brief Declares the APIs provides the capabilities to use FIDO2 online authentication.
 *
 * @library libfido2_ndk.so
 * @syscap SystemCapability.Security.FIDO2
 * @since 6.0.0(20)
 */

#ifndef FIDO2_H
#define FIDO2_H

#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * @brief Defines the uint8_t byte stream.
 * @since 6.0.0(20)
 */
typedef struct Uint8Buff {
    /** The length. */
    uint32_t length;
    /** The val. */
    uint8_t *val;
} Uint8Buff;

/**
 * @brief Status of the TokenBinding protocol.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_TokenBindingStatus {
    /** Status during normal communication. */
    FIDO2_PRESENT = 0,
    /** Token binding is supported, but communication is not yet available. */
    FIDO2_SUPPORTED = 1
} FIDO2_TokenBindingStatus;

/**
 * @brief For WebAuthn Relying Parties to reference when generating credentials to
 * specify preferences for credential delivery.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_AttestationConveyancePreference {
    /** none Relying parties are not interested in validator proof, default value. */
    FIDO2_NONE = 0,
    /**
     * The indirect relying party prefers to provide a verifiable attestation statement document,
     *  but allows the customer to decide how to obtain such attestation statement.
     */
    FIDO2_INDIRECT = 1,
    /** Direct Relying parties want to receive attestation claims generated by verifiers. */
    FIDO2_DIRECT = 2,
    /**
     * The Relying Party wants to receive an enterprise attestation,
     *  which is an attestation statement that may include information which uniquely identifies the authenticator.
     */
    FIDO2_ENTERPRISE = 3
} FIDO2_AttestationConveyancePreference;

/**
 * @brief Relying parties may require user authentication(verifying whether the current user is the user)
 * for some operations,but do not require other operations. Enumeration types are defined to
 * distinguish different requirement levels.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_UserVerificationRequirement {
    /** User verification is required. */
    FIDO2_REQUIRED = 0,
    /**
     * Relying parties prioritize user validation of the operation when possible,
     *  but do not fail if the response does not have the user validation flag set.
     */
    FIDO2_PREFERRED = 1,
    /**
     * Relying parties do not want to use user authentication during operations.
     *  (e.g., to minimize interference with user interaction flows).
     */
    FIDO2_DISCOURAGED = 2
} FIDO2_UserVerificationRequirement;

/**
 * @brief Enum for authenticator attachment.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_AuthenticatorAttachment {
    /** Platform authenticator, fingerprint, face, etc. */
    FIDO2_PLATFORM = 0,
    /**
     * Cross-platform authenticator, also known as roaming authentication,
     *  includes Bluetooth, NFC, and USB.
     */
    FIDO2_CROSS_PLATFORM = 1
} FIDO2_AuthenticatorAttachment;

/**
 * @brief Enum for authenticator transport.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_AuthenticatorTransport {
    /** USB. */
    FIDO2_USB = 0,
    /** NFC. */
    FIDO2_NFC = 1,
    /** BLE. */
    FIDO2_BLE = 2,
    /** smart card. */
    FIDO2_SMART_CARD = 3,
    /** Hybrid. */
    FIDO2_HYBRID = 4,
    /** Internal. */
    FIDO2_INTERNAL = 5
} FIDO2_AuthenticatorTransport;

/**
 * @brief Enum for algorithm.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_Algorithm {
    /** ES256. */
    FIDO2_ES256 = -7,
    /** ES384. */
    FIDO2_ES384 = -35,
    /** ES512. */
    FIDO2_ES512 = -36,
    /** RS256. */
    FIDO2_RS256 = -257,
    /** RS384. */
    FIDO2_RS384 = -258,
    /** RS512. */
    FIDO2_RS512 = -259,
    /** PS256. */
    FIDO2_PS256 = -37,
    /** PS384. */
    FIDO2_PS384 = -38,
    /** PS512. */
    FIDO2_PS512 = -39
} FIDO2_Algorithm;

/**
 * @brief Enum for publicKey credential hint.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_PublicKeyCredentialHint {
    /** Security key. */
    FIDO2_SECURITY_KEY = 0,
    /** Client device. */
    FIDO2_CLIENT_DEVICE = 1,
    /** Hybrid. */
    FIDO2_HINT_HYBRID = 2,
} FIDO2_PublicKeyCredentialHint;

/**
 * @brief Enum for publicKey credential type.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_PublicKeyCredentialType {
    /** Public key. */
    FIDO2_PUBLIC_KEY = 0,
} FIDO2_PublicKeyCredentialType;

/**
 * @brief Enum for uvm.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_Uvm {
    /** Fingerprint authenticator. */
    FIDO2_UVM_FINGERPRINT = 2,
    /** PIN authenticator. */
    FIDO2_UVM_PIN = 4,
    /** 3D face authenticator. */
    FIDO2_UVM_FACEPRINT = 16,
} FIDO2_Uvm;

/**
 * @brief Enum for client capability.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_ClientCapability {
    /** Conditional of create. */
    FIDO2_CONDITIONAL_CREATE = 0,
    /** Conditional of get. */
    FIDO2_CONDITIONAL_GET = 1,
    /** Hybrid transport. */
    FIDO2_HYBRID_TRANSPORT = 2,
    /** Passkey platform authenticator. */
    FIDO2_PASSKEY_PLATFORM_AUTHENTICATOR = 3,
    /** User verifying platform authenticator. */
    FIDO2_USER_VERIFYING_PLATFORM_AUTHENTICATOR = 4,
    /** Related origins. */
    FIDO2_RELATED_ORIGINS = 5,
    /** Signal all accepted credentials. */
    FIDO2_SIGNAL_ALL_ACCEPTED_CREDENTIALS = 6,
    /** Signal current user details. */
    FIDO2_SIGNAL_CURRENT_USER_DETAILS = 7,
    /** Signal unknown credential. */
    FIDO2_SIGNAL_UNKNOWN_CREDENTIAL = 8,
    /** Extension params of uvi. */
    FIDO2_EXTENSION_UVI = 9
} FIDO2_ClientCapability;

/**
 * @brief Enum of the mediation requirements.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_CredentialMediationRequirement {
    /**
     * User mediation is suppressed for the given operation. If the operation can be performed without user involvement, wonderful.
     * If user involvement is necessary, then the operation will return null rather than involving the user.
     */
    FIDO2_SILENT = 0,
    /**
     * If credentials can be handed over for a given operation without user mediation, they will be.
     * If user mediation is required, then the user agent will involve the user in the decision.
     */
    FIDO2_OPTIONAL = 1,
    /**
     * If credentials can be handed over for a given operation without user mediation, they will be.
     * If user mediation is required, then the user agent will involve the user in the decision.
     */
    FIDO2_CONDITIONAL = 2,
    /** The user agent will not hand over credentials without user mediation, even if the prevent silent access flag is unset for an origin. */
    FIDO2_MEDIATION_REQUIRED = 3
} FIDO2_CredentialMediationRequirement;

/**
 * @brief Defines ErrorCode.
 * @since 6.0.0(20)
 */
typedef enum FIDO2_ErrorCode {
    /** Success. */
    FIDO2_SUCCESS = 0,
    /** Permission denied. */
    FIDO2_PERMISSION_DENIED = 201,
    /** The system does not support. */
    FIDO2_NOT_SUPPORT = 1021300001,
    /** Invalid state. */
    FIDO2_INVALID_STATE = 1021300002,
    /** System integrity check failed. */
    FIDO2_INTEGRITY_CHECK_FAILED = 1021300003,
    /** User abort. */
    FIDO2_USER_ABORT = 1021300004,
    /** Time out. */
    FIDO2_TIMEOUT = 1021300005,
    /** Encoding error. */
    FIDO2_ENCODING_ERROR = 1021300006,
    /** Unknown error. */
    FIDO2_UNKNOWN_ERROR = 1021300007,
    /** The constraint condition is incorrect. */
    FIDO2_CONSTRAINT_ERROR = 1021300008,
    /** Data error. */
    FIDO2_DATA_ERROR = 1021300009,
    /** User Rejects. */
    FIDO2_USER_REJECTS = 1021300010,
    /** Failed to connect to the service. */
    FIDO2_CONNECT_SERVICE_FAILED = 1021300011,
    /** Invalid CTAP command. */
    FIDO2_INVALID_CTAP_COMMAND = 1021310001,
    /** The command contains invalid parameters. */
    FIDO2_INVALID_PARAMETERS = 1021310002,
    /** Invalid message or attribute length. */
    FIDO2_INVALID_MESSAGE_OR_ATTRIBUTE_LENGTH = 1021310003,
    /** Invalid CBOR or unpredictable error. */
    FIDO2_INVALID_CBOR_OR_UNPREDICTABLE = 1021310004,
    /** Failed to parse the CBOR. */
    FIDO2_PARSE_CBOR_FAILED = 1021310005,
    /** No valid credentials were provided. */
    FIDO2_INVALID_CREDENTIALS = 1021310006,
    /** Not allowed. */
    FIDO2_NOT_ALLOWED = 1021310007,
    /** User verification failed. */
    FIDO2_USER_VERIFICATION_FAILED = 1021310008,
    /** Other error. */
    FIDO2_OTHER_ERROR = 1021310009,
} FIDO2_ErrorCode;

/**
 * @brief Authentication extensions.
 * @since 6.0.0(20)
 */
typedef struct AuthenticationExtensionsClientOutputs {
    /** Placeholder, indicating that the returned message JSON contains the key clientExtensionResults. Always return NULL. */
    char *placeholder;
} AuthenticationExtensionsClientOutputs;

/**
 * @brief Defines the structure for obtain the certification result.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_AuthenticatorResponse {
    /** Authenticator data. */
    Uint8Buff authenticatorData;
    /** Signature. */
    Uint8Buff signature;
    /** UserHandle. Optional. */
    Uint8Buff userHandle;
    /** Obtains ClientData JSON data. */
    Uint8Buff clientDataJson;
} FIDO2_AuthenticatorResponse;

/**
 * @brief Defines the structure for obtain the certification result.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyAssertionCredential {
    /** Raw credential Id. */
    Uint8Buff rawId;
    /** The credential’s identifier. The requirements for the identifier are distinct for each type of credential. */
    const char *id;
    /** This attribute returns the value of the object’s interface object's slot, which specifies the credential type represented by this object. */
    const char *type;
    /** Authentication response. */
    FIDO2_AuthenticatorResponse response;
    /** Attachment of the authenticator. Optional. */
    FIDO2_AuthenticatorAttachment authenticatorAttachment;
    /** The client extension results. The current version doesn't support extensions, so the placeholder is always NULL,
     * so it is must be parsed this value corresponding to the clientExtensionResults key into {}. */
    AuthenticationExtensionsClientOutputs clientExtensionResults;
} FIDO2_PublicKeyAssertionCredential;

/**
 * @brief Authenticator transport array.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_AuthenticatorTransportArray {
    /** Transport number. */
    uint32_t transportNum;
    /** Defines the authenticator access type (USB, NFC, Bluetooth). */
    FIDO2_AuthenticatorTransport *transports;
} FIDO2_AuthenticatorTransportArray;

/**
 * @brief Authenticator attestation response.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_AuthenticatorAttestationResponse{
    /** Attestation object. */
    Uint8Buff attestationObject;
    /** Obtains ClientData JSON data. */
    Uint8Buff clientDataJson;
    /** The options of publicKey credential request, byte stream. */
    Uint8Buff publicKey;
    /** Authenticator data, byte stream. */
    Uint8Buff authenticatorData;
    /** Algorithm. */
    FIDO2_Algorithm publicKeyAlgorithm;
    /** Defines the authenticator access type (USB, NFC, Bluetooth). */
    FIDO2_AuthenticatorTransportArray transports;
} FIDO2_AuthenticatorAttestationResponse;

/**
 * @brief Defines the structure for obtain the certification result.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyAttestationCredential{
    /** Raw credential Id. */
    Uint8Buff rawId;
    /** Authentication response. */
    FIDO2_AuthenticatorAttestationResponse response;
    /** Attachment of the authenticator. Optional. */
    FIDO2_AuthenticatorAttachment authenticatorAttachment;
    /** The credential’s identifier. The requirements for the identifier are distinct for each type of credential. */
    const char *id;
    /** This attribute returns the value of the object’s interface object's slot, which specifies the credential type represented by this object. */
    const char *type;
    /** The client extension results. The current version doesn't support extensions, so the placeholder is always NULL,
     * so it is must be parsed this value corresponding to the clientExtensionResults key into {}. */
    AuthenticationExtensionsClientOutputs clientExtensionResults;
} FIDO2_PublicKeyAttestationCredential;

/**
 * @brief This parameter is specified by the webAuthn relying party
 * and is related to the authenticator.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_AuthenticatorSelectionCriteria {
    /** Authenticator attachment. Optional. */
    FIDO2_AuthenticatorAttachment authenticatorAttachment;
    /** Resident Key. Optional. */
    const char *residentKey;
    /** Is require resident Key or not. The default value is false. Optional. */
    bool requireResidentKey;
    /** User verification requirement enumeration. The default value is preferred. Optional. */
    FIDO2_UserVerificationRequirement userVerification;
    } FIDO2_AuthenticatorSelectionCriteria;

/**
 * @brief Parameters for registering or authenticating credentials.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyCredentialDescriptor {
    /** Credential type. */
    FIDO2_PublicKeyCredentialType type;
    /** Credential id. */
    Uint8Buff id;
    /** Defines the authenticator access type (USB, NFC, Bluetooth). */
    FIDO2_AuthenticatorTransportArray transports;
} FIDO2_PublicKeyCredentialDescriptor;

/**
 * @brief Additional options for creating a new authentication credential.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyCredentialParameters {
    /** PublicKey credential type. */
    FIDO2_PublicKeyCredentialType type;
    /** Algorithm. */
    FIDO2_Algorithm alg;
} FIDO2_PublicKeyCredentialParameters;

/**
 * @brief Attribute that represents the relying party when creating a new credential.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyCredentialUserEntity {
    /** Id. */
    Uint8Buff id;
    /** DisplayName. */
    char *displayName;
    /** name. */
    char *name;
} FIDO2_PublicKeyCredentialUserEntity;

/**
 * @brief Attribute that represents the relying party when creating a new credential.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyCredentialRpEntity {
    /** Id. */
    char *id;
    /** name. */
    char *name;
} FIDO2_PublicKeyCredentialRpEntity;

/**
 * @brief PublicKey Credential Descriptor array.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyCredentialDescriptorArray {
    /** AllowCredential number */
    uint32_t allowCredentiallNum;
    /** The list of additional parameters for authentication credentials. The default value is []. */
    FIDO2_PublicKeyCredentialDescriptor *allowCredentials;
} FIDO2_PublicKeyCredentialDescriptorArray;

/**
 * @brief Hint array.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyCredentialHintArray {
    /** Hint number */
    uint32_t hintNum;
    /** The list of hints */
    FIDO2_PublicKeyCredentialHint *hints;
} FIDO2_PublicKeyCredentialHintArray;

/**
 * @brief Defines FIDO2 authentication request parameters.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyCredentialRequestOptions {
    /** Obtains the challenge value. */
    Uint8Buff challenge;
    /** Timeout. Optional. */
    uint32_t timeout;
    /** The Rp ID. Optional. */
    char *rpId;
    /** The list of additional parameters for authentication credentials. Optional. */
    FIDO2_PublicKeyCredentialDescriptorArray allowCredentials;
    /** User verification requirement enumeration. The default value is preferred. Optional. */
    FIDO2_UserVerificationRequirement userVerification;
    /** Hints. The default value is []. Optional. */
    FIDO2_PublicKeyCredentialHintArray hints;
    /** The extensions must be a JSON string representing a Map<string, Object> object. Optional. */
    char *extensions;
} FIDO2_PublicKeyCredentialRequestOptions;

/**
 * @brief The array of additional parameters for authentication credentials.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_CredentialCreationOptionArray {
    /** PubKeyCredParam count */
    uint32_t pubKeyCredParamNum;
    /** The list of additional parameters for authentication credentials. */
    FIDO2_PublicKeyCredentialParameters *pubKeyCredParams;
} FIDO2_CredentialCreationOptionArray;

/**
 * @brief The array of relying Party MAY use this OPTIONAL member to specify a 
 * preference regarding the attestation statement format used by the authenticator.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_AttestationFormatsArray {
    /** PubKeyCredParam count */
    uint32_t attestationFormatsNum;
    /** The list of additional parameters for authentication credentials. */
    char **attestationFormats;
} FIDO2_AttestationFormatsArray;

/**
 * @brief Indicates the option for creating a new authentication credential.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_PublicKeyCredentialCreationOptions {
    /** The relying party attribute when creating a new credential. */
    FIDO2_PublicKeyCredentialRpEntity rp;
    /** User information. */
    FIDO2_PublicKeyCredentialUserEntity user;
    /** Challenge. */
    Uint8Buff challenge;
    /** The array of additional parameters for authentication credentials. */
    FIDO2_CredentialCreationOptionArray pubKeyCredParams;
    /** timeout. Optional. */
    uint32_t timeout;
    /** The list of additional parameters for authentication credentials. The default value is []. Optional. */
    FIDO2_PublicKeyCredentialDescriptorArray excludeCredentials;
    /** Credential Preferences. */
    FIDO2_AuthenticatorSelectionCriteria authenticatorSelection;
    /** Hints. The default value is []. Optional. */
    FIDO2_PublicKeyCredentialHintArray hints;
    /** Credential Preferences. The default value is none. Optional. */
    FIDO2_AttestationConveyancePreference attestation;
    /** The Relying Party MAY use this OPTIONAL member to specify a preference regarding
     * the attestation statement format used by the authenticator. The default value is []. */
    FIDO2_AttestationFormatsArray attestationFormats;
    /** The extensions must be a JSON string representing a Map<string, Object> object. Optional. */
    char *extensions;
} FIDO2_PublicKeyCredentialCreationOptions;

/**
 * @brief The options of credential request.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_CredentialCreationOptions {
    /** Mediation requirements. */
    FIDO2_CredentialMediationRequirement mediation;
    /** The options of publicKey credential request. */
    FIDO2_PublicKeyCredentialCreationOptions publicKey;
} FIDO2_CredentialCreationOptions;

/**
 * @brief Describes the current state of FIDO UAF client software and authenticators
 * available to the application.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_AuthenticatorMetadata {
    /** The authenticator aaguid. */
    Uint8Buff aaguid;
    /** The supported authenticator types. */
    FIDO2_Uvm uvm;
    /** Indicates whether the authenticator is available. */
    bool isAvailable;
} FIDO2_AuthenticatorMetadata;

/**
 * @brief Describes the current state of FIDO UAF client software and authenticators
 * available to the application.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_CredentialRequestOptions {
    /** Mediation requirements. */
    FIDO2_CredentialMediationRequirement mediation;
    /** The options of publicKey credential request. */
    FIDO2_PublicKeyCredentialRequestOptions publicKey;
} FIDO2_CredentialRequestOptions;

/**
 * @brief Describes the extensions supported by the authenticator array.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_AuthenticatorMetadataArray {
    /** The number of authenticator. */
    uint32_t number;
    /** The extensions supported by the authenticator. */
    FIDO2_AuthenticatorMetadata *authenticators;
} FIDO2_AuthenticatorMetadataArray;

/**
 * @brief The struct of FIDO2 capability.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_Capability {
    FIDO2_ClientCapability capability;
    bool isSupported;
} FIDO2_Capability;

/**
 * @brief Describes the capability array.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_CapabilityArray {
    /** The number of capability. */
    uint32_t number;
    /** The array of the capability. */
    FIDO2_Capability *capability;
} FIDO2_CapabilityArray;

/**
 * @brief Token binding (protocol), used by the client to communicate with the relying party.
 * @since 6.0.0(20)
 */
typedef struct FIDO2_TokenBinding {
    /** The binding status of the client. */
    FIDO2_TokenBindingStatus status;
    /** Id. */
    char *id;
} FIDO2_TokenBinding;

/**
 * @brief Initialize the FIDO2_CredentialCreationOptions structure.
 * @param options Pointer to the FIDO2_CredentialCreationOptions structure to be initialized.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
void HMS_FIDO2_initCreationOptions(FIDO2_CredentialCreationOptions *options);

/**
 * @brief Initialize the FIDO2_TokenBinding structure.
 * @param tokenBinding Pointer to the FIDO2_TokenBinding structure to be initialized.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
void HMS_FIDO2_initTokenBinding(FIDO2_TokenBinding *tokenBinding);

/**
 * @brief Initialize the FIDO2_CredentialRequestOptions structure.
 * @param options Pointer to the FIDO2_CredentialRequestOptions structure to be initialized.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
void HMS_FIDO2_initRequestOptions(FIDO2_CredentialRequestOptions *options);

/**
 * @brief When the value for a given capability is true, the feature is known to be currently supported by the client.
 * @param capability Whether the client supports this feature.
 * @return Returns {@link FIDO2_SUCCESS} if the function is executed successfully; returns a specific error
 * code if the function fails to be executed. For details, see {@link FIDO2_ErrorCode}.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
FIDO2_ErrorCode HMS_FIDO2_getClientCapability(FIDO2_CapabilityArray **capability);

/**
 * @brief Gets the list of supported platform authenticators.
 * @param authenticators List of supported platform authenticators.
 * @return Returns {@link FIDO2_SUCCESS} if the function is executed successfully; returns a specific error
 * code if the function fails to be executed. For details, see {@link FIDO2_ErrorCode}.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
FIDO2_ErrorCode HMS_FIDO2_getPlatformAuthenticator(FIDO2_AuthenticatorMetadataArray **authenticators);

/**
 * @brief Registration based on fido2, this interface can only be called from non-UI threads.
 * @param options The FIDO2 registration request options.
 * @param tokenBinding The FIDO2 registration tokenBinding.
 * @param origin The security origin when calling the method.
 * @param publicKeyAttestationCredential FIDO2 registration response.
 * @return Returns {@link FIDO2_SUCCESS} if the function is executed successfully; returns a specific error
 * code if the function fails to be executed. For details, see {@link FIDO2_ErrorCode}.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
FIDO2_ErrorCode HMS_FIDO2_register(const FIDO2_CredentialCreationOptions options, const FIDO2_TokenBinding tokenBinding,
    const char *origin, FIDO2_PublicKeyAttestationCredential **publicKeyAttestationCredential);

/**
 * @brief Authentication based on fido2, this interface can only be called from non-UI threads.
 * @param options The FIDO2 registration request options.
 * @param tokenBinding The FIDO2 registration tokenBinding.
 * @param origin The security origin when calling the method.
 * @param publicKeyAssertionCredential FIDO2 registration response.
 * @return Returns {@link FIDO2_SUCCESS} if the function is executed successfully; returns a specific error
 * code if the function fails to be executed. For details, see {@link FIDO2_ErrorCode}.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
FIDO2_ErrorCode HMS_FIDO2_authenticate(const FIDO2_CredentialRequestOptions options, const FIDO2_TokenBinding tokenBinding,
    const char *origin, FIDO2_PublicKeyAssertionCredential **publicKeyAssertionCredential);

/**
 * @brief Releases the array of capability.
 * @param capability The array of capability to be released.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
void HMS_FIDO2_CapabilityArray_Destroy(FIDO2_CapabilityArray *capability);

/**
 * @brief Releases the array of authenticator metadata.
 * @param authenticators The array of authenticator metadata to be released.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
void HMS_FIDO2_AuthenticatorMetadataArray_Destroy(FIDO2_AuthenticatorMetadataArray *authenticators);

/**
 * @brief Releases the struct of PublicKeyAttestationCredential.
 * @param publicKeyAttestationCredential The struct of PublicKeyAttestationCredential to be released.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
void HMS_FIDO2_PublicKeyAttestationCredential_Destroy(FIDO2_PublicKeyAttestationCredential *publicKeyAttestationCredential);

/**
 * @brief Releases the array of PublicKeyAssertionCredential.
 * @param publicKeyAssertionCredential The struct of PublicKeyAssertionCredential to be released.
 * @permission ohos.permission.ACCESS_FIDO2_ONLINEAUTH
 * @since 6.0.0(20)
 */
void HMS_FIDO2_PublicKeyAssertionCredential_Destroy(FIDO2_PublicKeyAssertionCredential *publicKeyAssertionCredential);
#ifdef __cplusplus
}
#endif

#endif // FIDO2_H
/** @} */
